5 Replies Latest reply: Nov 2, 2012 10:21 AM by gimbal2 RSS

    Session Tracking before hitting any jsp page

    971973
      I want to validate the user session everyone when ever the request comes for any jsp page. I am able to validate the user in a filter for the first time. But i am confused what would happen when the request comes for other pages...how will i be able to get the same session from the server?
        • 1. Re: Session Tracking before hitting any jsp page
          gimbal2
          968970 wrote:
          But i am confused what would happen when the request comes for other pages...
          Why do you mean by "other pages"?
          • 2. Re: Session Tracking before hitting any jsp page
            971973
            i mean subsequent request for any page after validating the user first time....
            • 3. Re: Session Tracking before hitting any jsp page
              gimbal2
              The server makes sure you have the same session object for the same client each time the filter fires. It does so by setting a cookie with the sessionID (by default anyway). As long as that cookie is submitted with the request, the server will be able to present you with the correct session object for each request.
              • 4. Re: Session Tracking before hitting any jsp page
                971973
                Yes, server will be able to present me with the same session object associated with that client. But my concern is how exactly server does that? Where does server stores all these ids or state? And who generates the session id server or client?
                • 5. Re: Session Tracking before hitting any jsp page
                  gimbal2
                  968970 wrote:
                  But my concern is how exactly server does that?
                  A good question! To research yourself. But while I'm at it...
                  Where does server stores all these ids or state?
                  The ID is stored in a cookie (JSessionID, something to google) so the client can store it and send it back to the server. Alternatively URL rewriting can be configured if cookies are somehow a problem. The session store itself is in memory on the server of course.
                  And who generates the session id server or client?
                  The server of course. The client can't know what the server is going to expect.

                  You seem to be vague on what happens on the server and what happens on the client - it would be wise to read a little bit more into client/server architectures and then especially in the context of a web environment.